
Samuel Thibault on GNU Hurd




The Unix model usually draws a strong separation between the "privileged" user and the non-privileged users. The former usually has all possible privileges, while the latter have very restricted privileges, limited to their own home directory and, at best, sometimes permission to mount removable media. One answer from userland has been GVFS, which lets GNOME applications transparently access not only what the system offers, i.e. actually what the privileged user offers, but also userland-provided content, such as files from FTP, SMB, etc. Another interesting example is using SOCKS to access an intranet website. Some browsers natively support using a SOCKS proxy, and for those which don't, libsocks4 can be used to transparently make them do so.

These approaches (embedding) are however limited and impede composition, since they mostly have to be made explicit in the source code. What if a removable medium is formatted with a special filesystem? What if the intranet website cannot be accessed through ssh, but only through a VPN? Why not be allowed to run a PPP tunnel over a serial port when one has already been granted access to the serial port? These are usually not an issue on the desktop, where the unprivileged user is actually also the privileged user, and people have become used to tinkering with sudo, FUSE, TAP, etc., but it is still tedious and a potential source of security holes. On a freshly-installed system, can't one e.g. just run tar xf /ftp://ftp.gnu.org/pub/gnu/gcc/gcc-4.6.0/gcc-4.6.0.tar.bz2 to download and unpack a tarball in one go? Actually, on a GNU/Hurd system, one can.

Funnily enough, even if GNU is Not Unix, GNU/Hurd uses a very unixish approach to bring extensibility: files. By introducing the concept of translator, which is actually its real core, GNU/Hurd lets a user easily achieve a wide range of tasks which require particular privileges on usual Unix systems. Examples include accessing the content of an ISO image from a shell, chrooting, routing application network traffic through a VPN, IP translation…

This talk will present the notion of translator and, through some examples of translators which already work, show the range of power that it brings to "non-privileged" users (i.e. actually freedom #0) without breaking security, and how it compares with the Linux GVFS/FUSE/CUSE/etc. equivalents.

Further reading
============
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.37.9653&rep=rep1&type=pdf
http://people.debian.org/~mbanck/debian-hurd.pdf

Slides
=====
http://www.gnu.org/ghm/2011/paris/slides/samuel-thibault-hurd.pdf
http://wenku.baidu.com/view/ec06df03a6c30c2259019e1b.html


Run time 43 minutes 15 seconds
Producer Samuel Thibault
Audio/Visual sound, color

Credits

http://hurd.gnu.org/
http://www.debian.org/ports/hurd/

In Collection: Community Video
Uploaded by GalaxiesAbove on 2/7/2012